KALI LINUX NETWORK SCANNING COOKBOOK

Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Overview of this book

Kali Linux Network Scanning Cookbook

Kali Linux Network Scanning Cookbook

Credits

About the Author

About the Author

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Disclaimer

Preface

Free Chapter

Getting Started

Getting Started

Configuring a security lab with VMware Player (Windows)

Configuring a security lab with VMware Fusion (Mac OS X)

Installing Ubuntu Server

Installing Metasploitable2

Installing Windows Server

Increasing the Windows attack surface

Installing Kali Linux

Configuring and using SSH

Installing Nessus on Kali Linux

Configuring Burp Suite on Kali Linux

Using text editors (VIM and Nano)

Discovery Scanning

Discovery Scanning

Using Scapy to perform layer 2 discovery

Using ARPing to perform layer 2 discovery

Using Nmap to perform layer 2 discovery

Using NetDiscover to perform layer 2 discovery

Using Metasploit to perform layer 2 discovery

Using ICMP ping to perform layer 3 discovery

Using Scapy to perform layer 3 discovery

Using Nmap to perform layer 3 discovery

Using fping to perform layer 3 discovery

Using hping3 to perform layer 3 discovery

Using Scapy to perform layer 4 discovery

Using Nmap to perform layer 4 discovery

Using hping3 to perform layer 4 discovery

Port Scanning

UDP port scanning

TCP port scanning

UDP scanning with Scapy

UDP scanning with Nmap

UDP scanning with Metasploit

Stealth scanning with Scapy

Stealth scanning with Nmap

Stealth scanning with Metasploit

Stealth scanning with hping3

Connect scanning with Scapy

Connect scanning with Nmap

Connect scanning with Metasploit

Connect scanning with Dmitry

TCP port scanning with Netcat

Zombie scanning with Scapy

Zombie scanning with Nmap

Fingerprinting

Banner grabbing with Netcat

Banner grabbing with Python sockets

Banner grabbing with Dmitry

Banner grabbing with Nmap NSE

Banner grabbing with Amap

Service identification with Nmap

Service identification with Amap

Operating system identification with Scapy

Operating system identification with Nmap

Operating system identification with xProbe2

Passive operating system identification with p0f

SNMP analysis with Onesixtyone

SNMP analysis with SNMPwalk

Firewall identification with Scapy

Firewall identification with Nmap

Firewall identification with Metasploit

Vulnerability Scanning

Vulnerability Scanning

Vulnerability scanning with Nmap Scripting Engine

Vulnerability scanning with MSF auxiliary modules

Creating scan policies with Nessus

Vulnerability scanning with Nessus

Command-line scanning with Nessuscmd

Validating vulnerabilities with HTTP interaction

Validating vulnerabilities with ICMP interaction

Denial of Service

Denial of Service

Fuzz testing to identify buffer overflows

Remote FTP service buffer overflow DoS

Smurf DoS attack

DNS amplification DoS attack

SNMP amplification DoS attack

NTP amplification DoS attack

SYN flood DoS attack

Sock stress DoS attack

DoS attacks with Nmap NSE

DoS attacks with Metasploit

DoS attacks with the exploit database

Web Application Scanning

Web Application Scanning

Web application scanning with Nikto

SSL/TLS scanning with SSLScan

SSL/TLS scanning with SSLyze

Defining a web application target with Burp Suite

Using Burp Suite Spider

Using Burp Suite engagement tools

Using Burp Suite Proxy

Using the Burp Suite web application scanner

Using Burp Suite Intruder

Using Burp Suite Comparer

Using Burp Suite Repeater

Using Burp Suite Decoder

Using Burp Suite Sequencer

GET method SQL injection with sqlmap

POST method SQL injection with sqlmap

Requesting a capture SQL injection with sqlmap

Automating CSRF testing

Validating command injection vulnerabilities with HTTP traffic

Validating command injection vulnerabilities with ICMP traffic

Automating Kali Tools

Automating Kali Tools

Nmap greppable output analysis

Nmap port scanning with targeted NSE script execution

Nmap NSE vulnerability scanning with MSF exploitation

Nessuscmd vulnerability scanning with MSF exploitation

Multithreaded MSF exploitation with reverse shell payload

Multithreaded MSF exploitation with backdoor executable

Multithreaded MSF exploitation with ICMP verification

Multithreaded MSF exploitation with admin account creation

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Using Metasploit to perform layer 2 discovery

Metasploit is primarily an exploitation tool, and this functionality will be discussed in great length in the upcoming chapters. However, in addition to its primary function, Metasploit also has a number of auxiliary modules that can be used for various scanning and information gathering tasks. One auxiliary module, in particular, can be used to perform ARP scanning on the local subnet. This is helpful for many, as Metasploit is a tool that most penetration testers are familiar with, and the integration of this function into Metasploit reduces the total number of tools required for the duration of a given test. This specific recipe will demonstrate how to use Metasploit to perform ARP discovery.

Getting ready

To use Metasploit to perform ARP discovery, you will need to have at least one system on the LAN that will respond to ARP requests. In the examples provided, a combination of Linux and Windows systems are used. For more information on setting...